SUSE: 2018:2928-1 Moderate: OpenSSL Cache Timing Attack Fix

suse

September 28, 2018

An update that solves one vulnerability and has 5 fixes is now available

Summary

This update for openssl fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) These non-security issues were fixed: - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) - Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246, bsc#997043) Patch Instructions:

Topics Covered

security advisory moderate update suse openssl cache timing attack rsa key generation

References

#1089039 #1101246 #1101470 #1104789 #1106197

#997043

Cross- CVE-2018-0737

Affected Products:

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Desktop 12-SP3

SUSE Enterprise Storage 4

SUSE CaaS Platform ALL

SUSE CaaS Platform 3.0

OpenStack Cloud Magnum Orchestration 7

https://www.suse.com/security/cve/CVE-2018-0737.html

https://bugzilla.suse.com/1089039

https://bugzilla.suse.com/1101246

https://bugzilla.suse.com/1101470

https://bugzilla.suse.com/1104789

https://bugzilla.suse.com/1106197

https://bugzilla.suse.com/997043

Announcement ID: SUSE-SU-2018:2928-1

Rating: moderate

Topics Covered

security advisory moderate update suse openssl cache timing attack rsa key generation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2018:2928-1 Moderate: OpenSSL Cache Timing Attack Fix

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2018:2928-1 Moderate: OpenSSL Cache Timing Attack Fix

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!